Policies for Distributed Systems and Networks, IEEE International Workshop on (2007)
June 13, 2007 to June 15, 2007
Chris Hanson , Massachusetts Institute of Technology, USA
Tim Berners-Lee , Massachusetts Institute of Technology, USA
Lalana Kagal , Massachusetts Institute of Technology, USA
Gerald Jay Sussman , Massachusetts Institute of Technology, USA
Daniel Weitzner , Massachusetts Institute of Technology, USA
Data is often encumbered by restrictions on the ways in which it may be used. These restrictions on usage may be determined by statute, by contract, by custom, or by common decency, and they are used to control collection of data, diffusion of data, and the inferences that can be made over the data. In this paper, we present a data-purpose algebra that can be used to model these kinds of restrictions in various different domains. We demonstrate the utility of our approach by modeling part of the Privacy Act (5 USC ?552a)1, which states that data collected about US citizens can be used only for the purposes for which it was collected. We show (i) how this part of the Privacy act can be represented as a set of restrictions on data usage, (ii) how the authorized purposes of data flowing through different government agencies can be calculated, and (iii) how these purposes can be used to determine whether the Privacy Act is being enforced appropriately.
D. Weitzner, G. J. Sussman, C. Hanson, T. Berners-Lee and L. Kagal, "Data-Purpose Algebra: Modeling Data Usage Policies," Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)(POLICY), Bologna, 2007, pp. 173-177.